AI, cybersecurity and regulation: they aren't governed separately

HYB-01 · 4 HOURS

AI, Cybersecurity and Regulation: the Changing Picture

Target: Management, board, entrepreneurs. Sellable on its own as an executive awareness session.

• →The moment we are living: convergence of AI, cybersecurity and EU regulation
• →AI Act: what it is, who it concerns, what it requires — in 45 minutes without jargon
• →NIS2 and CRA: why they change management's responsibilities, not just IT's
• →IEC 62443 and its role in the CRA: the standard becoming mandatory for manufacturing
• →The decisions regulations impose on the CEO over the next 24 months
• →How to read combined AI + cyber risk without being a technician

Workshop — what you build: A personal exposure map — the regulations relevant to your organization, with the first 3 urgent decisions to bring to management.

HYB-02 · 4 HOURS

Innovating with AI Without Creating Risks

Target: Management, innovation managers, function heads.

• →The AI innovation cycle: from idea to deployment, where the risks arise
• →Regulatory risks of AI in the company: AI Act, liability, audit trail
• →Operational risks: dependency, output quality, error handling
• →Reputational risks: bias, transparency, customer and employee trust
• →The role of the UNI 11814 Innovation Manager in governing company AI
• →AI governance: minimal policy, roles, approval processes

Workshop — what you build: An AI governance canvas — a map of AI use cases in use or under evaluation, with associated risks and priority governance measures.

HYB-03 · 4 HOURS

Reading Risk: AI and Cyber Together

Target: Management, leadership team, quality and safety managers.

• →Why AI and cyber risks amplify each other: concrete scenarios
• →The integrated risk model: assets, threats, impacts, probability
• →How to read the results of an AI or cybersecurity assessment without being a technician
• →Risk indicators for management: what to monitor, how to interpret it
• →Cyber insurance: how AI and OT risk change policies
• →How to communicate integrated risk to the board and stakeholders

Workshop — what you build: A simplified risk dashboard — a map of priority AI and cyber risks with monitoring indicators and alert thresholds for management.

HYB-A1 · 4 HOURS

AI in the Product Development Cycle

• →AI in product design: generative design, simulation, optimization
• →AI in testing and quality: automation, anomaly detection, predictive
• →AI embedded in the product: opportunities, architectures, constraints
• →What changes with the CRA when the product incorporates AI: additional obligations
• →AI Act and high-risk products: classification, requirements, documentation
• →Real cases from Italian manufacturing: where AI creates value in the product today

Workshop — what you build: An AI opportunity map for your product or product line — identifying the most promising AI use cases, their associated regulatory constraints and an exploration priority.

HYB-A2 · 4 HOURS

CRA and IEC 62443 for Designers

• →CRA in practice for designers: essential requirements, documentation, deadlines
• →IEC 62443-4-1 and 4-2: what they ask of the development team — without reading the standard
• →Secure by design: the 10 design decisions that make the difference
• →Vulnerability handling and SBOM: concrete obligations and accessible tools
• →How to integrate CRA requirements into the existing development process without overturning everything
• →The software supply chain: responsibilities toward vendors and customers

Workshop — what you build: A CRA readiness checklist for a real product of the organization — identifying the main gaps and the priority adaptation actions.

HYB-B1 · 4 HOURS

AI Act and NIS2 in Practice: Management Decisions

• →AI Act: the decisions that belong to the CEO, not the technician
• →NIS2: governance obligations, incident notification, top-management responsibility
• →CRA: what changes for those who sell connected products in Europe
• →How to build a regulatory adaptation plan without dedicated resources
• →Vendors and supply chain: extended responsibility and contracts to update
• →Sanctions and legal risks: what happens if you don't comply

Workshop — what you build: A concise compliance action plan — a list of urgent decisions to make over the next 90 days, with priorities, responsibilities and required resources.

HYB-B2 · 4 HOURS

Building a Culture of Secure Innovation

• →Why company culture determines the success or failure of AI adoption
• →Change management for AI: resistance, expectations, internal communication
• →Training people: how to build an AI upskilling plan by function
• →Company AI policy: how to build it, enforce it and update it
• →The manager's role as a promoter of secure innovation
• →Real cases: manufacturing companies that integrated AI successfully

Workshop — what you build: An AI change management plan — identifying the main sources of resistance, communication actions, a minimal training plan for your team.